Educational series on cloud computing, security and privacy.
CSA CloudBytes was launched as a webinar series to help us educate the industry on all matters related to the cloud. Our channel is designed to inform our audience about trending topics, new technologies, and latest research. It also allows audience members the opportunity to earn (ISC)2 CPE Credits.
Learn more at cloudsecurityalliance.org. Join the Cloud Security Alliance on LinkedIn and follow us on Twitter: @cloudsa, @CSAResearchGuy
In a globally connected world where the number of cloud applications consumed by organisations rises daily, the challenges associated with protecting data and individuals' privacy are also on the rise.
In this webcast we will look at some of the challenges associated with privacy including:
- Understanding contractual obligations
- Managing the geolocation of data
- Applying data transfer mechanisms and controls
Greg Mayfield, Sr. Director, Product Marketing & Michael Koyfman, Principal Global Solution Architect at Netskope | Recorded: Apr 18 2019 | 58 mins
Many enterprises have inadvertently exposed proprietary information by failing to properly secure data stored in public cloud environments like Amazon Web Services, Microsoft Azure and Google Cloud Platform. While cloud computing has made it simple to spin up a new server without waiting for IT, this can also be a security nightmare. A simple misconfiguration or human error can compromise the security of your organization's entire cloud environment. Furthermore, "Cloud as an Attack vector"-based threats are increasingly breeding in IaaS, PaaS and SaaS environments to compound organizational risk. Good security hygiene should always be an integral part of any public- or multi-cloud environment; however, this isn’t the reality for many organizations.
Join Netskope for a lively session in which you’ll learn about some common cloud threats and security mistakes made by SecOps and CloudOps admins and how to avoid them.
In this webcast you will learn about:
- How to detect and remediate common misconfigurations in your cloud infrastructure
- How to identify and stop some of the top "Cloud as an Attack vector"-based threats (e.g. cloud phishing, malware, open redirection, coin miner attacks)
- How to follow best practices and maintain continuous compliance in your clouds.
Matthew McKenna, Vice President, International Operations, SecurityScorecard | Recorded: Apr 10 2019 | 61 mins
This webinar will take a case study approach to demonstrate how security ratings can be leveraged to gain insight into the cyber risk governance of organisations. Are organisations working in a structured manner to address cyber risk or are they purely reaction driven? We will look at organisations that have been breached in the last 12 months and explore what insights we can gather from trending across multiple security domains, including network security, DNS health, patching cadence, application security and endpoint security. We will explore how security ratings can help us take proactive measures to help mitigate risk to ourselves or our supply chain and collectively apply better and more disciplined governance.
Josh Stella, Co-Founder and Chief Technology Officer, Fugue | Recorded: Mar 28 2019 | 63 mins
Today’s enterprise needs to move fast at scale in the cloud, but the dynamic and complex nature of the cloud has introduced a significant new risk: a data breach due to misconfiguration and human error. In large enterprise cloud environments, it’s not uncommon to have tens of thousands of resources spanning hundreds of AWS accounts. This creates a challenge for security and compliance teams: How can you ensure critical data is secure and your AWS environments always adhere to policy—without deploying an army of cloud security engineers? Join Fugue as we explore why AWS misconfiguration is such a pervasive problem and how you can successfully address it. You’ll learn how to:
- Prevent misconfiguration in your DevOps workflow
- Identify critical misconfiguration events when they occur
- Remediate misconfiguration and drift using automation
- Measure your misconfiguration risk—and your success in addressing it
Dan Hubbard, Chief Product Officer, Lacework & John Yeoh, Director of Research, CSA | Recorded: Mar 27 2019 | 45 mins
IaaS/PaaS providers like AWS, Azure, and GCP are increasing the productivity of our developers, making our organizations extraordinarily agile. That same agility must be matched with security and compliance measures of the same speed and scale.
The vast majority of cloud security threats are from misconfigured IaaS instances, compromised accounts, and insider threats, but there are emerging threats on the rise as well. And you’ll need deep visibility into your workloads and containers to fight back.
Join us for a live webinar with Dan Hubbard, inaugural CSA Research Fellow, co-inventor of the CSA top threats, and Lacework CPO on the current and emerging threats to public cloud and how best to automate security and compliance across AWS, Azure, and GCP, including:
- Current and emerging threats to AWS, Azure, and Google Cloud environments
- Recommendations on how to prevent, detect, analyze, and respond to cloud cyber attacks
- How to move away from a network-centric mindset and adopt a cloud approach
- How to automate security and compliance across AWS, Azure, GCP, and private clouds
Nimrod Vax, BigID Head of Product & Bill Reid, AWS Senior Manager, Leader, Security and Compliance Solution Architecture | Recorded: Mar 14 2019 | 54 mins
Protection & Privacy in the Cloud: Operationalizing Privacy in AWS Environments
New privacy regulations like GDPR and CCPA make finding and protecting personal information more critical than ever. This means being able to identify both PII and contextual PI by person at scale. This Webinar featuring BigID’s Head of Product and AWS's Leader of Security and Compliance Solution Architecture will examine best practices for finding, protecting and automating PI/PII-centric privacy tasks at scale.
What You Will Learn:
- How to find PII/PI across AWS
- The difference between Protection and Privacy
- How to actualize privacy tasks like DSAR
- The role of ML in cloud-first privacy engineering
Sam Abadir, Vice President of Industry Solutions, Lockpath | Recorded: Feb 28 2019 | 53 mins
Cloud computing offers massive scalability, availability and low-cost services as major benefits, but as with most new technologies, it introduces new risks. Because there is so much opportunity in the cloud, the cloud service provider network is continuously growing. Service providers are using different technologies, different standards, and like all companies have different competency levels.
One of the major challenges organizations have when using cloud computing is managing these third-party operational and security risks. As more technology is moved from your company’s infrastructure to the cloud, understanding and managing these risks often overwhelms technology and procurement teams.
This can be managed if an effective third-party framework is put into place and appropriately managed, and cross-organizational guidelines are followed.
Want to know what you can expect at CSA Summit at RSA Conference 2019? Join this webinar to get a preview of....
Case Study: Behind the Scenes of MGM Resorts’ Digital Transformation
As a leader in their industry, MGM is transforming into a digital business by aggressively adopting the cloud. Hear how MGM is protecting their enterprise data across the whole spectrum of their evolving infrastructure, from on-prem, to the device, to their SaaS, IaaS and PaaS cloud instances.
Lessons from the Cloud
Large enterprises are rethinking technology and data to build a platform for the future and cloud is at the center of this transformation. During this session we will discuss key drivers for cloud adoption, regulatory landscape, building effective controls and solutions, and the cloud journey for large organizations.
Petri Kallberg, CTO at Nordcloud Finland & Markku Rossi, CTO at SSH.COM | Recorded: Feb 21 2019 | 52 mins
The cloud promises to bring savings, agility and scalability. All of this is attainable provided that you know which services to choose for which purpose and how to set up your environment properly. Join multi-cloud experts from Nordcloud and SSH.COM for this exclusive webinar hosted by Cloud Security Alliance where we will discuss the following topics:
- Why vendor-lock might not be your best option in the cloud
- Why ensuring the best possible privileged access experience for developers and administrators is vital for your business
- How to make daily access routines operationally efficient with automation
- How to choose best-of-breed services for the cloud based on your business needs
- Why existing cloud vendor or legacy solutions might sometimes increase costs
Want to know what you can expect at CSA Summit at RSA Conference 2019? Join this webinar to get a preview of...
- From GDPR to California Privacy: Managing Cloud Vendor Risk
Managing vendor risk is a continuous effort under GDPR, California CCPA and other global regulations. As organizations continue to improve their privacy and security programs, streamlining 3rd and 4th party vendor risk has become a priority. This includes everything from filling out vendor assessments, such as the CSA CAIQ, getting sufficient guarantees from your vendors to efficiently working with them during an audit or incident and much more. In this session, you’ll learn how to implement successful vendor risk processes, expedite vendor onboarding, and hear practical advice to automate vendor risk management within a software technology platform.
- Can you trust your eyes? Context as the basis for “Zero Trust” systems
In a digital world, you can’t trust everything you see. While the digital transformation has created countless benefits for enterprises, it has also made it possible to easily disguise reality, increasing the difficulty and complexity of security. Authenticating users and controlling access to critical workloads is challenging, due to the many vulnerabilities that only require network access, and security systems that neglect a key component: context. In this session, Cyxtera VP of Products and Co-Chair of the CSA Software Defined Perimeter Working Group discusses shortcomings with current authentication and authorization protocols, requirements for a consistent and effective security model, and portrays a way forward with a dynamic, context-based security solution.
Andrew Dunbar, VP of Security Engineering and IT at Shopify and Luke Tucker, Senior Director of Marketing at HackerOne | Recorded: Feb 13 2019 | 41 mins
Security is a top priority for e-commerce giant Shopify, with over 800,000 businesses in 175 countries trusting them to sell online and everywhere in the world. Join Shopify's Vice President of Security Engineering and IT, Andrew Dunbar and HackerOne as they discuss best practices for testing and securing your cloud-based web applications. The session will also cover how you can scale application security for high-growth DevOps organizations and the tools and programs Shopify relies on to reduce security risk.
In this webinar, you’ll learn to:
- Develop and improve your application security strategy
- Discover and manage critical vulnerabilities effectively
- Scale security for high-growth organizations—with a DevOps methodology
- Identify systematic issues and root causes to reduce long-term risk